Question 1mediummulti select
Full question →mediummulti selectObjective-mapped
A compliance archive writes one log file per day to Amazon S3. The logs are almost never accessed after day 30, but if they are needed they must still be retrievable in milliseconds. They must be deleted automatically after one year. Which two lifecycle settings should you apply? Select two.
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Best answer
Transition the objects to S3 Glacier Instant Retrieval after 30 days.
Glacier Instant Retrieval is designed for data that is rarely accessed but still needs millisecond retrieval. Because the logs remain in the archive for 11 more months, the 90-day minimum storage duration is not a problem, and the storage cost is lower than keeping them in a hotter class.
B
Best answer
Expire the objects after 365 days.
Lifecycle expiration enforces the one-year retention requirement automatically and prevents paying for storage beyond the compliance window. It also removes the operational risk of manual deletion.
C
Distractor review
Transition the objects to S3 Standard-IA after 30 days.
Standard-IA is a valid infrequent-access class, but it is typically more expensive than Glacier Instant Retrieval for data that is rarely read. Since the question explicitly asks for the most cost-optimized choice while preserving immediate retrieval, this is not the best answer.
D
Distractor review
Keep the logs in S3 Standard indefinitely and delete them manually when needed.
S3 Standard is unnecessary for data that becomes rarely accessed after 30 days, so it wastes storage cost over the remaining retention period. Manual deletion also weakens compliance controls and increases operational overhead.
E
Distractor review
Replicate the logs to another Region for cheaper archival storage.
Cross-Region replication adds storage and inter-Region data transfer cost. It does not reduce the cost of the retention policy described in the scenario and is not needed to meet the archive requirement.
Common exam trap
Common exam trap: NAT rules depend on direction and matching traffic
NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.
Technical deep dive
How to think about this question
NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.
KKey Concepts to Remember
- Static NAT maps one inside address to one outside address.
- PAT allows many inside hosts to share one public address using ports.
- Inside local and inside global describe the private and translated addresses.
- NAT ACLs identify traffic for translation, not always security filtering.
TExam Day Tips
- Identify inside and outside interfaces first.
- Check whether the scenario needs static NAT, dynamic NAT or PAT.
- Do not confuse NAT matching ACLs with normal packet-filtering intent.
Related practice questions
Related SAA-C03 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
SAA-C03 VPC practice questions
Practise SAA-C03 questions linked to SAA-C03 VPC.
SAA-C03 S3 lifecycle policy questions
Practise SAA-C03 questions linked to SAA-C03 S3 lifecycle policy questions.
SAA-C03 RDS Multi-AZ questions
Practise SAA-C03 questions linked to SAA-C03 RDS Multi-AZ questions.
SAA-C03 IAM policy practice questions
Practise SAA-C03 questions linked to SAA-C03 IAM policy.
SAA-C03 Route 53 failover questions
Practise SAA-C03 questions linked to SAA-C03 Route 53 failover questions.
SAA-C03 CloudFront practice questions
Practise SAA-C03 questions linked to SAA-C03 CloudFront.
SAA-C03 NAT gateway questions
Practise SAA-C03 questions linked to SAA-C03 NAT gateway questions.
SAA-C03 VPC endpoint questions
Practise SAA-C03 questions linked to SAA-C03 VPC endpoint questions.
SAA-C03 Auto Scaling practice questions
Practise SAA-C03 questions linked to SAA-C03 Auto Scaling.
SAA-C03 disaster recovery questions
Practise SAA-C03 questions linked to SAA-C03 disaster recovery questions.
SAA-C03 high availability questions
Practise SAA-C03 questions linked to SAA-C03 high availability questions.
SAA-C03 cost optimization questions
Practise SAA-C03 questions linked to SAA-C03 cost optimization questions.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A team needs to distribute TCP traffic (not HTTP) across multiple services. The services must see the original client source IP for auditing. Which AWS load balancer is the best fit?
Question 2
A team wants to run containerized services with AWS-managed orchestration and autoscaling. They do NOT require Kubernetes compatibility. Which AWS service choice is most appropriate to meet these goals?
Question 3
A solutions architect is designing an S3 bucket for a IoT ingestion API. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure? The design must avoid adding custom operational scripts.
Question 4
A solutions architect is designing an S3 bucket for a claims portal. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure?
Question 5
A team wants to delegate IAM management to developers, but must ensure developers can never grant themselves permissions beyond a specific limit. Which AWS mechanism best matches this requirement?
Question 6
A solutions architect is designing an S3 bucket for a healthcare document service. The objects must never be publicly accessible, even if a developer later adds an overly broad bucket policy. What should the architect configure?
FAQ
Questions learners often ask
What does this SAA-C03 question test?
Static NAT maps one inside address to one outside address.
What is the correct answer to this question?
The correct answer is: Transition the objects to S3 Glacier Instant Retrieval after 30 days. — The best lifecycle approach is to transition the logs to a colder storage class that still offers immediate retrieval after the first 30 days, then expire them automatically at one year. Glacier Instant Retrieval fits because the files are rarely read but must remain quickly retrievable. The expiration rule ensures the archive stops paying for the logs after the retention period ends. Why others are wrong: Standard-IA meets the access requirement but is usually not the lowest-cost option for very infrequent access. Keeping the logs in S3 Standard wastes money after the access pattern changes. Replication to another Region adds cost rather than reducing it and does not address the retention requirement.
What should I do if I get this SAA-C03 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Discussion
Loading comments…
Sign in to join the discussion.